From 4d80122ae82aea86cb740b5202f6c3fde6183538 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 18 Sep 2023 11:34:42 -0700
Subject: [PATCH] bridge: fix potential snprintf overflow

There is a theoretical snprintf overflow in bridge slave bitmask
print code found by CodeQL scan.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
 ip/iplink_bridge_slave.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index dc73c8657..3821923b5 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -100,13 +100,20 @@ static void _bitmask2str(__u16 bitmask, char *dst, size_t dst_size,
 	int len, i;
 
 	for (i = 0, len = 0; bitmask; i++, bitmask >>= 1) {
+		int n;
+
 		if (bitmask & 0x1) {
 			if (tbl[i])
-				len += snprintf(dst + len, dst_size - len, "%s,",
+				n = snprintf(dst + len, dst_size - len, "%s,",
 						tbl[i]);
 			else
-				len += snprintf(dst + len, dst_size - len, "0x%x,",
+				n = snprintf(dst + len, dst_size - len, "0x%x,",
 						(1 << i));
+
+			if (n < 0 || n >= dst_size - len)
+				break;
+
+			len += n;
 		}
 	}
 
-- 
2.47.2